Caching only DNS server ---nlookup Errors , Help please..

Mark_Andrews at isc.org Mark_Andrews at isc.org
Mon Nov 25 12:31:07 UTC 2002


> I hope someone can help.
>  
> I have been asked to set up a caching only DNS server for our site. The
> reason is that we are hoping it will speed up dns queries for our local
> systems and users. Our two main dns servers are located in another part of
> the country but are connected with a decent WAN link.
>  
> I am a novice to DNS but have a few years experience with Solaris. I have
> started to read the wonderful DNS Bind book, but my boss wants this up and
> running quickly!! (don't they all).
>  
> The two main DNS servers are NT systems (boo) and I believe they are
> authoritative for our local domain which is say "ziep.angus.com" the DNS
> servers are: dns1.europe.angus.com and dns2.europe.angus.com. The local dns
> server is localdns.ziep.angus.com.
>  
> I am using Solaris 2.8 and Bind version BIND 8.2.2-P5.

	Upgrade.  BIND 8.2.2-P5 has well-known security vulnerabilities.
	See http://www.isc.org/products/BIND/bind-security.html
  
> I have been to Sun's doc online site and also looked at the info in the bind
> book to set up my config files as below.
>  
> When I start up in.named I get the following error in the messages file.
>  
> ID 295310 daemon.info] sysquery: nlookup error on ?

	You don't have a valid hints file.  See below.
>  
> DNS queries work OK on the local dns server as they point to DNS1 and DNS2,
> but if I set up resolv.conf on local systems to point to
> localdns.ziep.shell.com, they timeout and I get the error :
> *** Can't find server name for address 129.6.200.202: Server failed
> *** Default servers are not available

	nslookup is not a good diagnostic tool.  nslookup depends on the
	reverse dns working before it will ask the question you told it
	to ask.  I suggest that you use dig.
  
> Is this because my local dns server is in a different domain? 

	No.
  
> Well I'm not really sure what this means, the first thing I do is search the
> internet, but I can't find any real explanation. Has anyone got some help
> for me? I really would appreciate it.
>  
> I am also downloading the latest version of bind just in case I get advised
> to "use the latest version"! What are the main advantages of bind 9.2?
>  
> Hoping for some help, in the meantime I am going back to the O'Reilly
> book!...
>  
> Thanks
>  
> Stuart Munn
>  
> ==================
>  
>  
> /etc/named.conf
> ======================================
> options {
>         directory  "/var/named";
> };
>  
> zone "0.0.127.in-addr.arpa" {
>         type master;
>         file "db.127.0.0";
> };
>  
> zone "." {
>         type hint;
>         file "db.cache";
> };
>  
> 
>  
> file /var/named/db.cache
> =========================================
> ;
> @    IN    SOA  localdns.ziep.angus.com.   root.localdns.ziep.angus.com.  (
> 
>                  2002201104       ;  serial number (YYYYDDMM##)
>                  10800            ;  refresh after 3 hours
>                  3600             ;  retry after 1 hour
>                  604800           ;  expire after 1 week
>                  86400 )          ;  minimum TTL of 1 day
> ;
> localdns.ziep.angus.com.      999999     IN    A    129.6.200.202
> ;
> europe.angus.com.                IN    NS   dns1.europe.angus.com.
> 11.26.129.in-addr.arpa          IN    NS   dns1.europe.angus.com.
> dns1.europe.angus.com.   IN    A    129.26.11.20
> ;
> europe.angus.com.                IN    NS   dns2.europe.angus.com.
> 11.26.129.in-addr.arpa          IN    NS   dns2.europe.angusl.com.
> dns2.europe.angus.com.   IN    A    129.26.11..21


	db.cache is supposed to contain the list of root servers and
	the corresponding address records.

.			518400	IN	NS	B.ROOT-SERVERS.NET.
.			518400	IN	NS	J.ROOT-SERVERS.NET.
.			518400	IN	NS	K.ROOT-SERVERS.NET.
.			518400	IN	NS	L.ROOT-SERVERS.NET.
.			518400	IN	NS	M.ROOT-SERVERS.NET.
.			518400	IN	NS	I.ROOT-SERVERS.NET.
.			518400	IN	NS	E.ROOT-SERVERS.NET.
.			518400	IN	NS	D.ROOT-SERVERS.NET.
.			518400	IN	NS	A.ROOT-SERVERS.NET.
.			518400	IN	NS	H.ROOT-SERVERS.NET.
.			518400	IN	NS	C.ROOT-SERVERS.NET.
.			518400	IN	NS	G.ROOT-SERVERS.NET.
.			518400	IN	NS	F.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.	3600000	IN	A	128.9.0.107
J.ROOT-SERVERS.NET.	3600000	IN	A	192.58.128.30
K.ROOT-SERVERS.NET.	3600000	IN	A	193.0.14.129
L.ROOT-SERVERS.NET.	3600000	IN	A	198.32.64.12
M.ROOT-SERVERS.NET.	3600000	IN	A	202.12.27.33
I.ROOT-SERVERS.NET.	3600000	IN	A	192.36.148.17
E.ROOT-SERVERS.NET.	3600000	IN	A	192.203.230.10
D.ROOT-SERVERS.NET.	3600000	IN	A	128.8.10.90
A.ROOT-SERVERS.NET.	3600000	IN	A	198.41.0.4
H.ROOT-SERVERS.NET.	3600000	IN	A	128.63.2.53
C.ROOT-SERVERS.NET.	3600000	IN	A	192.33.4.12
G.ROOT-SERVERS.NET.	3600000	IN	A	192.112.36.4
F.ROOT-SERVERS.NET.	3600000	IN	A	192.5.5.241

>  
>  
>  
> file /var/named/db.127.0.0
>   
> ============================================
>  $TTL 3h
> 0.0.127.in-addr.arpa.   IN SOA  localdns.ziep.angus.com.
> root.localdns.ziep.angus.com. (
>                                 2            ; Serial
>                                 360000        ; Refresh
>                                 30000         ; Retry
>                                 3600000       ; Expire
>                                 360000 )      ; Minimum
> 0.0.127.in-addr.arpa.   IN NS   localdns.ziep.angus.com.
> 1.0.0.127.in-addr.arpa. IN PTR  localhost.
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
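
An added example, not part of the original message or of BIND: a small check that a file referenced by a `type hint` zone holds only root NS records and their addresses, which is what the reply says db.cache must contain. The function names are hypothetical and the parser assumes every record names its owner explicitly; the two sample inputs are shortened from the files shown in the thread.

```python
# Added example: sanity-check a BIND hints file (zone "." { type hint; }).
# Assumes every record names its owner explicitly, as in both files above.

def parse_records(text):
    """Return (owner, type, first rdata field) for each record in zone text."""
    records, pending = [], ""
    for raw in text.splitlines():
        pending += " " + raw.split(";", 1)[0]          # drop comments
        if pending.count("(") > pending.count(")"):
            continue                                   # inside a multi-line record
        fields = pending.replace("(", " ").replace(")", " ").split()
        pending = ""
        if len(fields) < 3 or fields[0].startswith("$"):
            continue                                   # blank line or directive
        i = 1                                          # skip optional TTL / class
        while i < len(fields) - 2 and (fields[i].isdigit() or fields[i].upper() == "IN"):
            i += 1
        records.append((fields[0].lower(), fields[i].upper(), fields[i + 1].lower()))
    return records

def check_hints(text):
    """Return a list of reasons the text is not a usable root hints file."""
    records = parse_records(text)
    root_ns = {rd for o, t, rd in records if o == "." and t == "NS"}
    with_addr = {o for o, t, _ in records if t in ("A", "AAAA")}
    problems = [] if root_ns else ["no NS records for the root zone '.'"]
    problems += [f"no address record for root server {ns}" for ns in sorted(root_ns - with_addr)]
    for o, t, _ in records:
        if t == "SOA":
            problems.append(f"SOA record at {o}: a hints file carries no SOA")
        elif t == "NS" and o != ".":
            problems.append(f"NS record for non-root name {o}")
        elif t in ("A", "AAAA") and o not in root_ns:
            problems.append(f"address record for {o}, not a listed root server")
    return problems

# Shortened from the db.cache posted in the question.
POSTED = """\
@    IN    SOA  localdns.ziep.angus.com.   root.localdns.ziep.angus.com.  (
                 2002201104 10800 3600 604800 86400 )
europe.angus.com.        IN    NS   dns1.europe.angus.com.
dns1.europe.angus.com.   IN    A    129.26.11.20
"""
# One of the root servers from the reply's list.
HINTS = """\
.                    518400   IN  NS  A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.  3600000  IN  A   198.41.0.4
"""

if __name__ == "__main__":
    for name, text in (("posted db.cache", POSTED), ("root hints", HINTS)):
        print(name, "->", check_hints(text) or "ok")
```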

